tomaswolf opened a new pull request, #814: URL: https://github.com/apache/mina-sshd/pull/814
net.i2p.crypto:eddsa:0.3.0 has a bug and omits a crucial check in signature verification. This was reported as CVE-2020-36843[1] (signature malleability).

The problem affects signature verification, but luckily the missing check can also be performed outside of the library. With this commit we do so and verify that the second 32 bytes of the signature is actually in the range [1..L), with L the order as given in RFC 7748.[2]

This means that the use of net.i2p.crypto:eddsa:0.3.0, if used for ed25519 signatures via Apache MINA SSHD, is safe and **not** subject to CVE-2020-36843. Of course, vulnerability scanners will still report the vulnerability.

Note that Apache MINA SSHD has only a completely optional dependency on net.i2p.crypto:eddsa:0.3.0. If that artifact is not present in the application using Apache MINA SSHD, Apache MINA SSHD will still work. In that case, ed25519 is supported via Bouncy Castle.

[1] https://www.cve.org/CVERecord?id=CVE-2020-36843
[2] https://www.rfc-editor.org/rfc/rfc7748.html#section-4.1
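The range check described in this pull request, as an added Java example (not the code from the pull request or from Apache MINA SSHD): it decodes the second 32 bytes of a 64-byte ed25519 signature as a little-endian integer S and accepts the signature for further verification only if S lies in [1, L). The class name, method names and sample values are assumptions constructed for illustration; the R half is a placeholder, not a real curve point.

```java
import java.math.BigInteger;
import java.util.Arrays;

public class Ed25519ScalarCheck {
    // Order L of the ed25519 base point: 2^252 + 27742317777372353535851937790883648493
    static final BigInteger L = BigInteger.ONE.shiftLeft(252)
            .add(new BigInteger("27742317777372353535851937790883648493"));

    /** True if the S half (bytes 32..63, little-endian) lies in [1, L). */
    static boolean hasCanonicalS(byte[] signature) {
        if (signature == null || signature.length != 64) {
            return false; // an ed25519 signature is exactly R (32 bytes) || S (32 bytes)
        }
        byte[] bigEndian = new byte[32];
        for (int i = 0; i < 32; i++) {
            bigEndian[i] = signature[63 - i]; // reverse little-endian S
        }
        BigInteger s = new BigInteger(1, bigEndian); // signum 1: treat as unsigned
        return s.signum() > 0 && s.compareTo(L) < 0;
    }

    /** Hypothetical helper: builds R || S with S little-endian (S must be < 2^256). */
    static byte[] encode(byte[] r, BigInteger s) {
        byte[] sig = Arrays.copyOf(r, 64);
        byte[] bigEndian = s.toByteArray(); // may carry a leading zero sign byte
        for (int i = 0; i < bigEndian.length && i < 32; i++) {
            sig[32 + i] = bigEndian[bigEndian.length - 1 - i];
        }
        return sig;
    }

    public static void main(String[] args) {
        byte[] r = new byte[32];
        Arrays.fill(r, (byte) 0x01); // constructed placeholder for the R half
        BigInteger s = new BigInteger("123456789abcdef", 16); // constructed scalar

        // S and S + L are congruent mod L; a verifier that skips the range check
        // treats both encodings alike, which is the malleability in question.
        System.out.println("S       : " + hasCanonicalS(encode(r, s)));
        System.out.println("S + L   : " + hasCanonicalS(encode(r, s.add(L))));
        System.out.println("S = 0   : " + hasCanonicalS(encode(r, BigInteger.ZERO)));
        System.out.println("S = L-1 : " + hasCanonicalS(encode(r, L.subtract(BigInteger.ONE))));
        System.out.println("S = L   : " + hasCanonicalS(encode(r, L)));
        System.out.println("short   : " + hasCanonicalS(new byte[63]));
    }
}
```

The comparison is not constant-time, which is acceptable here because the signature is public data rather than a secret.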
